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1  Introduction 

The  study  of  the  control  of  Discrete  Event  Dynamic  Systems 
(DEDS)  has  been  introduced  by  Wonham,  Ramadge,  et  al. 
[2,7,8,10].  This  work  has  prompted  a  considerable  response 
by  other  reseairchers,  exploring  a  variety  of  alternate  formu¬ 
lations  and  paradigms.  In  our  work,  we  have  had  in  mind  the 
development  of  a  regulator  theory  for  DEDS.  In  another  pa¬ 
per,  [4],  we  develop  notions  of  stability  and  stabilizability  for 
DEDS  while  in  [3],  we  focus  on  the  questions  of  observability 
and  state  reconstruction, using  what  might  be  thought  of  as 
an  intermittent  observation  model.  In  this  paper,  we  com¬ 
bine  our  work  on  stabilizability  and  observability  to  address 
the  problem  of  stabilization  by  dynamic  output  feedback  un¬ 
der  partial  observations.  Our  presentation  here  is  necessarily 
brief,  and  we  refer  to  [5]  for  details. 

2  Background  and  Preliminaries 

The  class  of  systems  we  consider  are  defined  over  G  — 
(X,  E,  r,  U),  where  X  is  the  finite  set  of  states,  with  n  =  |X  j, 
E  is  the  finite  set  of  possible  events,  F  C  S  is  the  set  of  ob¬ 
servable  events,  and  U  is  the  set  of  admissible  control  inputs 
consisting  of  a  specified  collection  of  subsets  of  E,  correspond¬ 
ing  to  the  choices  of  sets  of  controllable  events  that  can  be 
enabled.  The  dynamics  defined  on  G  are; 

a:[fc+l]  e  /(a:[I;],<r[I:-f  1])  (2.1) 

cr[I:  -f  1]  €  (d(a;[i:])  n  «[!:])  U  e(z[I;])  (2.2) 

The  function  d  specifies  the  set  of  possible  events  defined 
at  each  state, e(x)  specifies  the  subset  of  d(x)  events  that 
cannot  be  disabled  at  each  state,  and  the  function  /  specifies 
the  nondeterministic  state  evolution.  In  Section  4,  we  use 
this  general  framework  in  which  there  is  no  loss  of  generality 
in  taking  U  =  2^.  Up  to  that  point  we  assume  the  slightly 
more  restrictive  framework  of  [8]  in  which  U  =  2^  and  e(x)  = 
d(x[fc])  n  $  Furthermore,  we  assume  that  C  F. 

Our  model  of  the  output  process  is  quite  simple;  whenever 
an  event  in  F  occurs,  we  observe  it;  otherwise,  we  see  nothing. 
Specifically,  with  h{<r)  =  (t  if  <r  €  F  and  h{cr)  =  t  otherwise, 
where  e  is  the  “null  transition” ,  our  output  equation  is 

7[fc  -Hi]  =  /i(<T[fc  -f  1])  (2.3) 

Note  that  by  letting  h(si,  sj)  =  h{si)h(s2)  we  can  think  of  h 
as  a  map  from  S*  to  F* ,  where  F*  denotes  the  set  of  all  strings 


of  finite  length  with  elements  in  F,  including  the  empty  string 
c.  The  quadruple  A  =  (G,  /,  d,  h)  represents  our  system. 

Throughout  this  paper  we  will  assume  that  A  is  alive,  i.e. 
Vx  G  X,  d{x)  ^  0.  Another  notion  that  we  need  is  the  com¬ 
position  of  two  automata.  A,-  =  (G,-,/i,d,-,/i,)  which  share 
some  common  events.  The  dynamics  of  the  composition  axe 
specified  by  allowing  each  automaton  to  operate  as  it  would 
in  isolation  except  that  when  a  shared  event  occurs,  it  must 
occur  in  both  systems  [5].  We  also  need; 

Definition  2.1  Let  E  be  a  subset  of  X.  A  state  x  is  E-pre- 
stable  if  there  exists  some  integer  i  such  that  every  trajectory 
from  X  passes  through  E  in  at  most  i  transitions.  The  state 
X  is  E-stable  if  every  state  reachable  from  x  is  E-pre-siable. 
The  DEDS  is  E-stable  (respectively,  E-pre-stable j  if  every  x 
is  E-stable  (E-pre-stable).  • 

Definition  2.2  The  radius  of  A  is  the  length  of  the  longest 
cycle-free  trajectory  between  any  two  states  of  A.  The  E- 
radius  of  an  E-stable  system  A  is  the  maximum  number  of 
transitions  it  takes  any  trajectory  to  enter  E.  • 

We  refer  the  reader  to  [4]  for  a  more  complete  discussion  of 
this  subject  and  for  an  G(n^)  test  for  E-stability  of  a  DEDS. 
In  [4]  we  also  study  stabilization  by  state  feedback.  Here,  a 
state  feedback  law  is  a  map  K  :  X  —*  U  and  the  resulting 
closed-loop  system  is  Ak  =  {G,f,dK,  h)  where 

dxix)  =  (d(x)  n  X(x))  U  (d(x)  n  ¥)  (2.4) 

Definition  2.3  A  state  x  €  X  is  E-pre-stabilizable  ( respec¬ 
tively,  E-stabilizableJ  if  there  exists  a  state  feedback  K  such 
that  X  is  E-pre-stable  (E-stable)  in  Ak-  The  DEDS  is  E- 
stabilizable  if  every  x  is  E-stabilizable.  • 

We  refer  the  reader  to  [4]  for  a  complete  discussion  of  this 
subject  and  for  an  G(n^)  test  for  E-stabilizability,  which  also 
constructs  a  stabilizing  feedback. 

In  [3],  we  term  a  system  observable  if  the  current  state  is 
known  perfectly  at  intermittent  points  in  time.  Obviously,  a 
necessary  condition  for  observability  is  that  it  is  not  possible 
for  our  DEDS  to  generate  arbitrarily  long  sequences  of  un¬ 
observable  events.  This  is  not  difficult  to  check  and  will  be 
assumed.  We  now  introduce  some  notation  that  we  will  find 
useful; 

•  We  define  the  reach  of  x  in  A  as; 

E(A,x)  =  {t,GXlx-^*y}  (2.5) 
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where  x  — +*  y  denotes  that  x  reaches  y  via  some  event 
string  in  E* .  We  define  the  reach  of  x  in  A  as: 

R{A,x)  =  {y€X\x-.*  y}  (2.6) 

•  Let  Y  denote  the  set  of  states  x  such  that  either  there 
exists  an  observable  transition  defined  from  some  state 
y  to  X,  or  X  has  no  transitions  defined  to  it.  Let  q  =  |y|. 

•  Let  i(j4,  x)  denote  the  set  of  all  possible  event  trajecto¬ 
ries  of  finite  length  that  can  be  generated  if  the  system 
is  started  from  the  state  x.  Also,  let  Lj{A,  x)  be  the  set 
of  strings  in  L{A,  x)_that  have  an  observable  event  as  the 
last  event,  and  let  L{A)  =  Uj:ex 

•  Given  s  G  L{A,  x)  such  that  s  =  pr,  p  is  termed  a  prefix 
of  s  and  we  use  s/p  to  denote  the  corresponding  suffix  r. 

In  [3],  we  describe  an  observer  that  computes  the  subset 
of  Y  corresponding  to  the  set  of  possible  states  into  which 
A  transitioned  when  the  last  observable  event  occurred.  Let 
Z  C  2^  denote  the  observer  state  space.  Then  if  the  observer 
estimate  is  x[fc]  €  Z  and  the  next  observed  event  is  7[jk  -f  1], 
we  have: 

x[1: 4- 1]  =  iy(x[I:],  7[A:  +  1])  (2.7) 

where 

u;(x[fc],  7[I:  -1- 1])  ^  U*efl(>i|r,xii])  /(*.  T[fc  +  1])  (2.8) 

and 

7[*  +  1]  6  u(i[I:])  (2.9) 

where 

v{x[k])  =  h(Ueji(A|r.£[fe])(‘^(®)  n  «W)  u  (d(x)  n¥))  (2.10) 

The  set  Z  is  then  the  reach  of  {V}  using  these  dynamics, 
i.e.,  we  start  the  observer  in  the  state  corresponding  to  a 
complete  lack  of  state  knowledge  and  let  it  evolve.  We  let  x(t) 
for  t  G  r*  denote  the  observer  state  if  the  string  i  has  been 
observed.  Our  observer  then  is  the  DEDS  O  =  {F,  w,  v,  i), 
where  F  =  {Z,  F,  F,  U)  and  i  is  the  identity  output  function. 
In  [3],  we  show  that  A  is  observable  iff  O  is  stable  with  respect 
to  its  singleton  states.  We  also  show  that  if  A  is  observable 
then  all  observer  trajectories  pass  through  a  singleton  state 
in  at  most  transitions  so  that  the  radius  of  the  observer  is 
at  most  9®. 

Suppose  that  the  observed  sequence  of  transitions  includes 
errors  corresponding  to  inserted,  missed,  or  mistaken  events. 
We  term  an  observer  resilient  if  after  a  finite  burst  of  such 
measurement  errors,  the  observer  resumes  correct  behavior  in 
a  finite  number  of  transitions.  The  observer  O  as  specified  in 
2.7,2.9  is  defined  only  for  event  sequences  that  can  actually 
occur  in  the  system.  When  an  error  occurs,  the  observer 
may  at  some  point  be  in  a  state  such  that  the  next  observed 
event  is  not  defined.  In  this  case,  we  extend  rv  and  v  to  reset 
the  observer  state  to  {Y}.  This  yields  an  observer  Or  = 
(F,  wr,  vr,  i),  which  is  resilient  if  A  is  observable. 

A  compensator  is  a  map  C  :  T*  U,  yielding  a  closed 
loop  system  Ac  with: 

1]  G  dc(®W,#])  =  (d(x[fc])n(7(h(s[ib])))U(d(x)n¥) 

(2.11) 


where  s[jk]  =  <r[0]  ■  •  •  <r[jfc]  with  <7[0]  =  e. 

One  constraint  we  wish  to  place  on  our  compensators  is 
that  they  preserve  liveness.  Suppose  that  we  have  observed 
the  output  string  s.  Then,  we  must  make  sure  that  any  x 
reachable  from  any  element  of  x(s)  by  unobservable  events 
only  is  alive  under  the  control  input  C'(s): 

Definition  2.4  Givjen  Q  C  X,  F  C  F  is  Q-compatible 
if  for  all  X  G  iJ(A|r,Q),  (d(x)  0  F)  U  (<i(x)  n¥)  yt  0.  A 
compensator  C  is  A-compatible  if  for  all  s  G  h{L{A)),  C{s) 
is  x(s)-compatible.  • 

Definition  2.5  A  compensator  C  »s  O-compatible  if  for  all 
s,t  £  h{L{A)),  such  that  x(s)  =  x(t),  C(s)  =  C(t).  In 
this  case  there  exists  a  map  K  :  Z  U  such  that  C(s)  = 
i<r(v({y},  s))  for  s  G  h{L{A)).  K  is  termed  the  observer 
feedback  for  C.  • 

We  will  see  in  Section  3  that  we  can  restrict  attention  to  O- 
compatible  compensators  in  order  to  address  the  stabilization 
problem. 

3  Output  Stabilizability 

The  obvious  notion  of  output  F-stabilizability  is  the  exis¬ 
tence  of  a  compensator  C  so  that  Ac  is  F-stable.  Because  of 
the  nature  of  our  observations,  it  is  possible  that  such  a  sta¬ 
bilizing  compensator  may  exist,  so  that  we  are  sure  that  the 
state  goes  through  E  infinitely  often,  but  so  that  we  never 
know  when  the  state  is  in  E.  For  this  reason,  we  also  define 
a  stronger  notion  of  output  stabilizability  that  requires  that 
we  regularly  have  this  information  as  well.  For  simplicity,  we 
assume  observability  throughout. 

Definition  3.1  A  is  strongly  output  stabilizable  if  there  ex¬ 
ists  a  compensator  C  and  an  integer  i  such  that  Ac  is  alive 
and  for  all  p  G  L{Ac)  such  that  \p\  >  i,  there  exists  a  prefix 
t  of  p  such  that  |p/t|  <  i  and  x(h{t))  C  E.  We  term  such  a 
compensator  a  strongly  output  stabilizing  compensator.  • 

Proposition  3.2  A  is  strongly  output  stabilizable  iff  there 
exists  a  state  feedback  K  :  Z  —+  U  for  the  observer  such  that 
Xj  in  A  II  Ok  is  Eoc-stable,  where  Xj  =  {(x,  {y})|x  G 
A)  is  the  set  of  possible  initial  states  in  A  ||  Ok  where 
Eoc  =  {(*>*)  €  y  X  Z\x  C  E}  is  the  set  of  composite  states 
for  which  the  system  is  in  E  and  we  know  if.  ,  • 

Since  O  describes  all  the  behavior  that  can  be  generated  by 
A,  we  have  the  following: 

Proposition  3.3  A  is  strongly  output  stabilizable  iff  there 
exists  a  state  feedback  K  :  Z  —*  U  for  the  observer  such  that 
Ok  is  stable  with  respect  to  Eq  =  {x  G  Z\x  C  E}  and  for  all 
x  £  Z,  K{x)  is  x-compatible.  Furthermore,  if  A  is  strongly 
output  stabilizable  then  the  trajectories  in  the  reach  of  Xj  in 
A  II  Ok  go  through  Eoc  in  nf  most  nq^  transitions.  • 

Thus  we  can  test  strong  output  stabilizability  by  testing  the 
observer  for  stabilizability.  The  following  algorithm  adapts 
one  from  [3]: 


Proposition  3.4  The  following  algorithm  tests  for  strong 
output  siabilizability  and  constructs  the  corresponding  feed¬ 
back.  It  has  complexity  0{q^\Z\): 

Algorithm  Let  Zo  =  Eo  and  iterate: 

Pk+i  =  {i  G  ^|{7  €  «(i)|ttf(r,7)  €  Pi}  is  x-compatible} 
=  {76  w(x)|tu(®,  7)  €  Pi)  for  X  €  Pi+i 
Zk+t  =  ZkU  Pi+i 

Terminate  when  Zk+i  =  Zk  =  Z* .  A  is  strongly  output 
stabilizable  iff  Z  =  Z*.  • 

Consider  next  the  following  somewhat  weaker  notion: 

Definition  3.5  A  is  output  stabilizable  (respectively,  out¬ 
put  pre-stabilizable}  with  respect  to  E  if  there  exists  a  com¬ 
pensator  C  such  that  Ac  is  E-stable  (E-pre-stable).  We  term 
such  a  compensator  an  output  stabilizing  (respectively,  out¬ 
put  pre-stabilizingj  compensator.  • 

Proposition  3.6  A  is  output  stabilizable  iff  A  is  output  pre- 
stabilizable  while  preserving  liveness  (i.e.,  the  closed  loop  sys¬ 
tem  is  pre-stable  and  alive).  • 

Our  construction  of  a  pre-stabilizing  compensator  involves 
(a)  constructing  a  modified  observer  which  keeps  track  of  the 
states  the  system  can  be  in  if  the  trajectory  has  not  yet  passed 
through  E,  and  (b)  formulating  the  problem  of  pre-stabilizing 
A  by  output  feedback  as  a  problem  of  stabilizing  this  observer 
by  state  feedback. 

Consider  the  following  construction:  Delete  all  events  in  A 
that  originate  from  the  states  in  E  and  construct  the  cor¬ 
responding  observer.  Let  Ae  denote  this  system  and  let 
Ob  =  {Fe,we,oe)  denote  its  observer.  Note  that  Oe  has 
some  “trapping”  states,  each  of  which  is  a  subset  of  E.  If 
the  trajectory  ever  evolves  to  one  of  those  states,  then  we 
know  that  it  has  passed  through  E  in  A.  More  generally, 
for  any  state  x  of  Oe,  then  for  a  trajectory  that  evolves  to 
X,  the  system  can  be  in  one  of  the  states  in  x  n  P  only  if 
that  trajectory  has  not  passed  through  E  yet.  By  itself  Oe 
does  not  keep  track  of  enough  information  to  design  a  pre¬ 
stabilizing  compensator,  since,  in  order  to  preserve  liveness, 
we  also  need  to  know  all  the  states  in  which  the  system  can 
be.  For  this  reason  we  construct  Q  =  {Fq,  u;q,  uq)  =  1|  O 

together  with  the  initial  state  (F,  Y).  The  state  space  of  Q, 
is  ty  =  R{Q,  (y,  y))  which  has  the  same  size  as  that  of  Ob- 

The  following  lemma  shows  that  the  problem  of  output 
pre-stabilization  can  be  formulated  as  a  problem  of  pre¬ 
stabilization  of  Q.  The  key  is  to  find  a  state  feedback  K 
for  Q,  which  we  can  then  adapt  to  a  corresponding  compen¬ 
sator  for  A,  and  which  forces  all  trajectories  in  Qk  to  have 
finite  length.  In  doing  this,  however,  we  need  to  make  sure 
that  the  compensator  for  A  keeps  A  alive: 

Lemma  3.7  A  is  output  pre- stabilizable  with  respect  to 
E  while  preserving  liveness  iff  there  exists  a  feedback 
K:W—>-U  such  that  for  all  (^1,^2)  €  R{Qk, {¥,¥)) 
E({yi,y2))  is  y2-compaiible,  and  Qk  is  pre-stable  with  re¬ 
spect  to  its  dead  states,  i.e.,  with  respect  to  the  states  y  such 
that  VQ,^{y)  =0.  • 


In  order  to  construct  a  compensator  as  proposed  by  the  above 
lemma,  let  us  first  characterize  the  states  in  Q  that  we  can 
“kill”  while  preserving  liveness  in  A: 

^  _  {y  =  (yi,  yz)  €  W\3F  c  #  such  that 
^  OQF{y)  —  0and  F  is  p2-conipatible} 

(3.12) 

where  VQpiy)  =  (t'o(y)  H  F)  U  (v<}(y)  D  $). 

Proposition  3.8  A  is  output  pre-stabilizable  while  preserv¬ 
ing  liveness  iff  there  exists  a  state  feedback  Kq  such  that 
Qko  is  Eg-pre-stable  and  for  all  (yi.yz)  €  W,  /^((yi.yz)) 
is  y2-compatible  in  A.  Furthermore,  the  compensator  defined 
by  C{s)  =  KiwQ^^aY,Y),s))  for  s  6  L(Qif,(y,y))  and 
C{s)  =  #  for  all  other  s,  pre-stabilizes  A,  where 

{F  C  ^IfQFCy)  =  0  nnd 

F  is  y2- compatible  if  ye  Eq 
Ko{y)  otherwise 

Finally,  the  trajectories  in  Ac  go  through  E  in  at  most  nq^ 
transitions.  • 

Proposition  3.9  The  following  algorithm  tests  for  output 
pre-stabilizability  while  preserving  liveness  and  constructs  the 
corresponding  feedback.  It  has  complexity  0(^®|iy|): 
Algorithm  Let  Zq  =  Eq  and  for  y  =  (yi,y2)  G  Eg,  let 
K{y)  =  F  C  ^  where  F  is  such  that  VQF(y)  =  0  and  F  is 
y2- compatible.  Iterate: 

Ffc+i  =  {y  G  iyi{7  G  VQ(y)|it)(j(y,7)  €  Ft} 
is  y2-compatible  in  A} 

Eiy)  =  {7evQ(y)\wQ{y,j)ePk}  foryePk-ki 
Zk-i-i  =  ZkU  Pk+i 

Terminate  when  Zk+i  =  Zk  =  Z* .  A  is  output  pre- 
stabilizable  iff  (y,  Y)£Z-.  • 

Note  that  if,  at  some  point,  we  are  certain  that  the  tra¬ 
jectory  has  passed  through  E,  we  can  force  the  trajectory  to 
go  through  E  again  by  starting  the  compensator  over,  i.e., 
by  ignoring  all  the  observations  to  date  and  using  the  pre¬ 
stabilizing  compensator  on  the  new  observations.  We  now 
present  an  approach  which  allows  us  to  detect,  as  soon  as 
possible,  that  the  trajectory  has  passed  though  E.  Given  an 
output  pre-stabilizable  A,  suppose  that  C  is  the  correspond¬ 
ing  compensator  and  K  is  the  corresponding  Q-feedback 
for  C.  Recall  that  in  general,  given  some  y  =  (yi,y2)  G 
PiQK,(Y,Y)),  not  all  events  defined  at  j/2  are  defined  at 
y.  Suppose  that  we  start  Qk  in  (y,y)  and  then  observe 
s  €  h{L{Ac)nLiQK,iY,Y)),  so  that  y  =  u;Q^((y,y),s)  is 
the  present  state  of  Qk,  and  suppose  that  the  next  obser¬ 
vation  is  a  transition  cr  ^  VQ^Cy)-  We  then  know  that  the 
trajectory  has  passed  through  E.  At  this  point,  we  wish  to 
force  the  trajectory  to  pass  through  E  again,  but  in  doing  so, 
we  can  use  our  knowledge  of  the  set  of  states  that  the  system 
can  be  in,  i.e.,  w{y2,  cr).  What  we  would  then  like  to  do  is  to 
have  Q  transition  to  the  state  z  =  (w(y2,  cr),  w(y2,  o')).  How¬ 
ever,  as  we  have  defined  it  so  far,  r  may  not  be  in  W.  What 
we  must  do  in  this  case  is  to  augment  W  with  all  such  z’s  and 
any  new  subsequent  states  that  might  be  visited  starting  from 


such  a  z  and  using  the  dynamics  of  Q  (or  its  restriction  un¬ 
der  feedback)  extended  to  arbitrary  subsets  yi ,  ^2  C  Y.  We 
modify  this  definition  as  follows:  if  =  0,  then  we 

WQjf{(in,y2),<T)  to  iw(y2,(T),w{y2,a)).  Let  W“  be  the 
union  of  the  reaches  of  all  states  of  the  form  (Y\Y')  with 
Y'  CY  and  define  =  {F'‘,w,v)  where  =  (W“,r,  F). 
Note  that  Eg  C  and  (Y.y))  C  If  in  fact  any 

z  =  (y',  y')  is  pre-stabilizable  with  respect  to  R{Qk,  (y>  y)) 
in  then  we  can  force  the  trajectory  to  pass  through  E. 
The  next  result  states  that  pre-stabilizability  of  Q  is  sufficient 
for  being  able  to  do  this: 

Proposition  3.10  If  there  exists  a  feedback  K  for  Q  such 
that  Qk  is  Eg-pre-stahle  and  K(y)  is  y2-compatible,  then 
there  exists  a  feedback  K'  such  that  for  any  Y'  C  Y,  z  = 
(y',y')  is  pre-stable  with  respect  to  R{Qk,(Y,Y))  in  Qj^, 
and  K'{y)  is  y2-compatihle  for  each  y  =  (yi ,  5/2)  G  R{Qk' >  ^)- 


Note  that  K'  can  be  chosen  so  that  K'{y)  —  K(y)  for  all 
y  G  /E(Qif ,  (y,y))  and  the  algorithm  in  Proposition  3.9  can 
be  used  for  constructing  such  a  K'. 

In  order  to  construct  an  output  stabilizing  compensator, 
we  use  the  above  proposition  recursively  as  follows:  Let  Kq 
be  a  feedback  that  pre-stabilizes  Q  and  preserves  liveness, 
as  can  be  constructed  using  the  algorithm  in  Proposition 
3.9.  Let  Zo  =  {y,  ?/}  be  the  initial  state  of  Qko  and  let 
Wo  =  R(Qi{g,Zo),  i.e.,  the  states  we  may  be  in  when  we 
know  that  the  trajectory  has  already  passed  through  E.  We 
then  augment  Zo  to  include  the  states  to  which  we  may  “re¬ 
set”  our  compensator: 


Zi  =  ZoU  ”  *"(2/2, 0-) 

for  some  y  =  (yi,y2)  €  Wq  and  a  G  v{y2,  Koiy))} 

(3.13) 

where  f(y2,  ifo(j/))  =  (w(j/2)  H  Ko{y))  U  (u(y2)  n  ^).  Next, 
we  find  a  feedback  Ki  that  satisfies  Proposition  3.10  for 
each  (y',y')  €  Zi,  and  we  let  Wi  =  R{Qk^,Zi).  Pro¬ 
ceeding  in  this  fashion,  we  construct  W2,  W3,  etc.,  until 
Wjt+i  =  Wk  =  W  for  some  k.  Let  K'  be  the  correspond¬ 
ing  feedback.  Then  (1)  Qk'  is  £^Q-pre-stable;  (2)  K'{y)  is 
j/2-compatible  for  all  y  €  W';  and  (3)  for  all  y  Q.  Eg  r\W' 
and  a-  G  v(y2,K'{y)),  {w{y2,a),w(y2,0'))  G  W  Finally,  we 
construct  Q'  =  {F' ,  w',  v')  where  F'  =  {W,  F,  F): 


w'{y,  <r) 

v'iy) 


\  WQ{y,<r)  141 

i  («'(y2,o"),n^(y2,o'))  otherwise  '  ’ 

Ky2,K{y))  (3.15) 


Then,  the  compensator  C{s)  =  /'!r'(u;'((y,y),  5))  for  all  s  G 
L(Q',  (y,  y))  stabilizes  A. 


4  SufRcient  Conditions  Testable  in 
Polynomial  Time 


[3]).  In  this  section,  we  present  sufficient  conditions  that  can 
always  be  tested  in  polynomial  time  in  q. 

It  is  well  known  in  linear  system  theory  that  controllability 
and  observability  imply  stabilizability  using  dynamic  output 
feedback.  Unfortunately,  this  is  not  true  in  our  framework, 
since  we  only  require  that  the  state  is  known  intermittently. 
We  start  this  section  by  showing  that  we  obtain  a  result  sim¬ 
ilar  to  that  for  linear  systems  if  we  assume  as  in  [5]  that  after 
a  finite  number  of  transitions,  and  for  each  transition  after 
that,  we  have  perfect  knowledge  of  the  current  state. 

A  set  <3  C  X,  Q  is  f -invariant  in  A  if  all  state  trajecto¬ 
ries  from  Q  stay  in  Q.  In  [4],  we  present  an  algorithm  that 
computes  the  maximal  /-invariEmt  subset  of  a  given  set.  Let 
Eu,  be  the  maximal  UKinvariant  subset  of  the  set  of  singleton 
states  of  O.  li  E^  ^  and  if  O  is  £l„,-stable,  then  at  some 
finite  point  the  observer  state  enters  E^  and  never  leave,  so 
that  the  state  will  be  known  perfectly  from  that  point  on: 

Proposition  4.1  Suppose  that  (i)  E  D  E^  =  0;  (ii)  A  is 
E  r\  Evi-stabilizable;  (Hi)  O  is  Em-stable,  then  A  is  output- 
stabilizable.  • 

To  show  that  the  computational  complexity  of  testing  Propo¬ 
sition  4.1  is  polynomial  in  g,  we  proceed  as  we  did  in  [3].  First, 
we  construct  an  automaton  A'  =  (G',f',d',i),  over  Y  that 
models  the  state  transition  behavior  sampled  at  the  times  at 
which  observable  events  occur  so  that  /'  and  d'  can  be  con¬ 
structed  from  A  and  i  is  the  identity  function).  Note  that  the 
observers  for  A  and  A'  are  identical.  Next,  let  P  =  y  x  y 
and  construct  the  pair  automaton  Op  with  state  space  P  and 
event  set  F.  The  dynamics  of  Op  have  the  following  interpre¬ 
tation.  Suppose  that  the  system  might  be  in  either  state  x  or 
state  y,  and  suppose  that  the  event  7  occurs.  Then,  the  next 
state  of  A'  could  be  any  element  of  5  =  f'{x,  7)U/'(y,  7)  The 
dynamics  of  Op  capture  this  possible  ambiguity  by  moving 
from  (x,  y)  to  any  (x',y')  with  x',  y'  €  S.  Also,  there  are  some 
special  states  in  Op,  namely  those  in  Ep  =  {(x,a:)|a:  G  T}, 
corresponding  to  no  ambiguity.  Indeed  the  following  provides 
an  efficient  way  in  which  to  compute  Em : 

Proposition  4.2  Em  is  the  maximal  w-invariant  subset  of 
the  singleton  states  ofO  ij5'{(x,x)|{x}  G  Em}  is  the  maximal 
wp-invariant  subset  of  Ep  in  Op.  • 

Furthermore,  it  follows  from  [3]  that  O  is  jFu,-stable  iff  Op 
is  {(x,x)|{x}  G  J5ui}-stable,  and  from  [4]  we  can  show  that 
Proposition  4.1  can  be  tested  in  0(q^)  time. 

We  can  also  test  a  weaker  sufficient  condition.  A  set  Q  is 
sustainably  (/,  u)-invariant  in  A  if  there  exists  a  state  feed¬ 
back  such  that  Q  is  alive  and  /-invariant  in  the  closed  loop 
system.  Let  E^  be  the  maximal  sustainably  {w,  «)-invariant 
subset  of  the  singleton  states  and  let  Ku  be  the  associated 
state  feedback  (see  [4]  for  construction).  Note  that  only 
needs  to  act  on  the  singleton  states,  and  thus  it  can  also  be 
thought  of  as  a  feedback  for  A.  Note  also  that  Ku  needs  to 
disable  those  events  that  take  states  in  Eu  outside  of  Eu ,  and 
it  is  unique  provided  that  it  only  disables  such  events. 


We  have  presented  necessary  and  sufficient  conditions  for  out¬ 
put  stabilizability  that  can  be  tested  in  polynomial  time  in 
the  cardinality  of  the  observer  state  space.  However,  while  in 
many  cases  the  observer  state  space  may  be  small,  there  are 
worst  cases  in  which  its  cardinality  is  exponential  in  q  (see 


Proposition  4.3  Suppose  that  (i)  E  H  Eu  0;  (H)  A  is 
E  n  Eu-stabilizable;  and  (Hi)  O  is  Eu-stahle.  Then  if  K,(x) 
is  a  stabilizing  feedback,  the  feedback 


H- 


if  X  =  {x}  G  Eu 
otherwise 


(4.16) 


is  an  output  stabilizing  feedback  for  A.  • 

It  can  be  shown  that  this  sufficient  condition  for  output  sta- 
bilizability  can  also  be  tested  in  0{q^)  time. 

We  conclude  this  section  by  presenting  an  even  weaker  suf¬ 
ficient  condition.  We  term  a  state  x  always  observable  if 
whenever  the  system  is  in  x,  the  observer  estimate  is  {x}. 
We  term  a  system  a-observable  if  it  is  stable  with  respect  to 
its  always  observable  states.  Suppose  that  A  is  a-observable 
eind  let  us  construct  the  automaton  Aa  which  is  the  same  as 
A  except  that  only  events  in  always  observable  states  can  be 
controllable,  i.e.,  eo(x)  =  d(x)  for  all  states  x  that  are  not 
always  observable.  If  Aa  is  stabilizable  then  A  is  also  output 
stabilizable  since  whenever  we  need  to  exercise  control,  we 
have  perfect  knowledge  of  the  state: 

Proposition  4.4  Given  an  a-observable  system  A,  if  Aa  is 
E -stabilizable  then  A  is  output  stabilizable.  • 

It  can  be  shown  that  this  sufficient  condition  can  be  tested 
in  0(q^)  time. 

5  Resiliency 

In  this  section  we  study  the  property  of  resilient  output  sta- 
bilizability  in  the  sense  that  in  spite  of  a  burst  of  observation 
errors,  the  system  stays  alive  and  goes  through  E  infinitely 
often.  To  begin  we  say  that  the  discrepancy  between  two 
strings  s  and  t  is  of  length  at  most  t,  denoted  by  ^(s,t)  <  i, 
if  there  exists  a  prefix,  p,  of  s  and  t  such  that  |s/p|  <  i  and 
|t/p|  <  i. 

Definition  5.1  A  is  resiliently,  strongly  output  stabilizable 
if  there  exists  a  strongly  output  stabilizing  compensator  C  : 
r*  — »•  i7  and  an  integer  i  such  that  for  all  strings  s  that  can  be 
generated  by  Ac,  i.e.,  Vx  6  X,  and  Vs  G  Lf{Ac,x);  and  for 
all  possible  oupui  strings  t  which  can  be  generated  by  corrupt¬ 
ing  h(s)  with  a  finite  length  burst,  i.e.,  V  positive  integers  j, 
and  Vf  G  F*  such  that  i(t,h(s))  <  j,  the  compensator  acting 
on  such  corrupted  strings  still  strongly  stabilizes  the  system 
after  the  error  burst  has  ended.  That  is,  for  each  such  x, 
s,  and  t,  the  compensator  C'{h{s'))  =  C(th(s')),  defined  for 
s'  G  h{L{A,  /(x,  s)))  is  such  that 

•  the  range  of  f{x,s)  is  alive  in  Ac,  i-c.,  for  all  x  G 
Ri^C',f{x,s)),  dc'ix)  ^  0 

•  for  all  p  G  L{Ac>,  f{x,s))  such  that  |p|  >  i,  there  ex¬ 
ists  a  prefix  p/  of  p  such  that  \p/p'\  <  i  and  f{x,sp)  C 
u^c«({y},th(p'))  C  E,  where  wcR  is  the  transition 
function  of  the  resilient  observer  Ocr  for  Ac- 

We  say  that  C  is  a  resiliently,  strongly  stabilizing  compen¬ 
sator  for  A.  • 

The  requirements  on  C'  ensure  that  the  compensator  C  act¬ 
ing  on  the  corrupted  output  string  (a)  preserves  liveness,  and 
(b)  stabilizes  A  following  the  burst. 

Let  us  return  to  the  characterization  of  strong  output  sta- 
bilizability  in  Proposition  3.3,  but  note  that  we  must  now 
use  the  resilient  observer  Or  in  place  of  O  in  the  actual  im¬ 
plementation.  If  an  error  burst  now  occurs,  it  may  put  the 
system  and  observer  in  arbitrary  states  not  necessarily  within 


the  reach  of  the  initial  states  Xi  defined  in  Proposition  3.3. 
Since  A  ||  Okr  =  -^  ||  Ok,  we  have: 

Proposition  5.2  A  is  resiliently,  strongly  output  stabilizable 
if  there  exists  a  state  feedback  K  :  Z  —*  U  for  the  observer 
such  that  A  ||  Or  is  Eoc-stable.  • 

Finally,  we  have  the  following  companion  of  Proposition 
3.2  which  states  that  it  is  necessary  and  sufficient  to  tet  O 
for  J?o-8tability,  but  since  the  burst  may  put  the  system  and 
the  observer  in  arbitrary  states,  we  need  an  X-compatible 
feedback: 

Proposition  5.3  A  is  resiliently,  strongly  output  stabilizable 
with  respect  to  E  iff  there  exists  a  state  feedback  K  for  the 
observer  such  that  Ok  is  Eo-stable  and  for  all  x  ^  Z,  K{x) 
is  X -compatible.  • 

An  algorithm  for  testing  resilient,  strong  output  stabilizabil- 
ity  and  constructing  a  feedback  is  identical  to  Algorithm  3.4 
except  that  when  we  search  for  a  feedback,  we  search  for  one 
that  is  A-compatible,  and  the  computational  complexity  is 
again  0{<^\Z\). 

Definition  5.4  A  is  resiliently  output  stabilizable  if  there 
exists  an  output  stabilizing  compensator  C  such  that  for  all 
strings  s  that  can  be  generated  by  Ac,  i-s.,  Vx  G  X,  and 
Vs  G  Lj{Ac,x);  and  for  all  possible  ouput  strings  t  which 
can  be  generated  by  corrupting  h{s)  with  a  finite  length  burst, 
i.e.,  V  positive  integers  i,  and'it  G  F*  such  that  ^{t,  h{s))  <  i, 
the  trajectories  starting  from  f{x,  s)  visit  E  infinitely  often, 
i.e.,  /(x,s)  is  E-stable  in  Ac',  where  C'(/i(s'))  =  C{th(s')) 
for  all  s'  G  h{L{A,  f{x,s))).  We  say  that  C  is  a  resiliently 
stabilizing  compensator  for  A.  • 

Lemma  5.5  If  C  is  a  resilient  output  stabilizing  compen¬ 
sator  then  C(s)  is  X-compatible  for  all  s  G  h{L(A)).  • 

Necessary  and  sufficient  conditions  for  resilient  output  stabi- 
lizability  parallel  those  of  output  stabilizability  except  that 
we  need  to  use  AT-compatible  feedback.  Since,  a  resilient 
output  stabilizing  compensator  needs  to  be  defined  for  all 
strings  in  F*,  given  a  feedback  K  for  the  automaton  Q  de¬ 
fined  in  Section  3.2,  we  define  Qkr  =  (GKRi'uiKRtVKR) 
so  that  VKRiT)  =  (F)  and  WK,Riy,y)  resets  Qk  to  {¥,¥) 
if  7  ^  VQ^(y)  We  can  then  define  a  compensator  C(s)  = 
X(wKR((y,Y'),  s))  for  all  s  G  F*.  We  state  the  following 
companion  of  Proposition  3.8  where 

„  {y  =  (2/1 ,  y2)  G  VF|3F  C  #  such  that  . 

^  VQF(y)  =  ^  and  F  is  A-compatible}  '  '  ' 

Proposition  5.6  A  is  resiliently  ouput  stabilizable  iff  there 
exists  a  state  feedback  K  such  that  Qk  is  EqR-pre- stable  and 
for  all  y  G  W,  K{y)  is  X-compatible  in  A.  Furthermore, 
the  compensator  defined  by  C{s)  =  K{wKRi(Y,  T),  s))  for  all 
s  G  F*  resiliently  stabilizes  A.  • 

We  can  test  for  resilient  output  stabilizability  and  can  con¬ 
struct  a  feedback  by  modifying  Algorithm  3.4,  using  Eqr  in 
place  of  Eq  and  checking  X-compatibility. 
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